Bump the npm_and_yarn group across 1 directory with 19 updates #79

Open
wants to merge 1 commit into
base: develop

dependabot[bot]
@dependabot dependabot bot commented on behalf of github Mar 29, 2024

Bumps the npm_and_yarn group with 17 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| protobufjs | 6.11.3 | 6.11.4 |
| lodash | 4.17.15 | 4.17.21 |
| babel-eslint | 4.1.8 | 10.1.0 |
| eslint | 1.10.3 | 8.57.0 |
| minimist | 1.2.0 | 1.2.8 |
| mkdirp | 0.5.1 | 0.5.6 |
| browserify-sign | 4.0.4 | 4.2.3 |
| decode-uri-component | 0.2.0 | 0.2.2 |
| express | 4.18.2 | 4.19.2 |
| loader-utils | 1.2.3 | 1.4.2 |
| webpack-cli | 3.3.8 | 3.3.12 |
| follow-redirects | 1.15.2 | 1.15.6 |
| fsevents | 1.2.9 | 1.2.13 |
| ip | 1.1.8 | 1.1.9 |
| node-forge | 0.10.0 | 1.3.1 |
| webpack-dev-server | 3.11.3 | 5.0.4 |
| terser | 4.3.1 | 4.8.1 |

Updates protobufjs from 6.11.3 to 6.11.4

Commits

Updates lodash from 4.17.15 to 4.17.21

Commits
  • f299b52 Bump to v4.17.21
  • c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
  • 3469357 Prevent command injection through _.template's variable option
  • ded9bc6 Bump to v4.17.20.
  • 63150ef Documentation fixes.
  • 00f0f62 test.js: Remove trailing comma.
  • 846e434 Temporarily use a custom fork of lodash-cli.
  • 5d046f3 Re-enable Travis tests on 4.17 branch.
  • aa816b3 Remove /npm-package.
  • d7fbc52 Bump to v4.17.19
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.


Updates babel-eslint from 4.1.8 to 10.1.0

Release notes

Sourced from babel-eslint's releases.

v10.1.0

v10.0.3

Fixes babel/babel-eslint#791, also eslint/eslint#12117

Some context: babel/babel-eslint#793

We ended up going with @​JLHwung's PR babel/babel-eslint#794 which uses ESLint's deps instead of going with peerDeps since it really depends on the version being used and we don't want users to have to install it directly on their own.

babel-eslint is patching patches of the dependencies of ESLint itself so these kinds of issues have happened in the past. We'll need to look into figuring out how to have a more solid way of modifying behavior instead of this monkeypatching type of thing for future releases.

v10.0.2

Fixes babel/babel-eslint#772

v10.0.1

The TypeAlias "conversion" to a function has issues. Sounds like we need to rethink the change, most likely we can just actually change the scoping rather than hardcode an AST change.

v10.0.0

Small breaking change: add a peerDependency starting from the ESLint version that added a parser feature that we were monkeypatching before (and drop that code). If already using ESLint 5 shouldn't be any different.

/* @flow */
type Node<T> = { head: T; tail: Node<T> }
// or
type File = {chunks: Array<Chunk>}
type Chunk = {file: File}

v9.0.0

We've released v7: https://twitter.com/left_pad/status/1034204330352500736, so this just updates babel-eslint to use those versions internally. That in itself doesn't break anything but:

  • Babel now supports the new decorators proposal by default, so we need to switch between the new and the old proposal. This is a breaking change.

To enable the legacy decorators proposal users should add a specific parser option:

{

... (truncated)

Commits

Updates eslint from 1.10.3 to 8.57.0

Release notes

Sourced from eslint's releases.

v8.57.0

Features

  • 1120b9b feat: Add loadESLint() API method for v8 (#18098) (Nicholas C. Zakas)
  • dca7d0f feat: Enable eslint.config.mjs and eslint.config.cjs (#18066) (Nitin Kumar)

Bug Fixes

  • 2196d97 fix: handle absolute file paths in FlatRuleTester (#18064) (Nitin Kumar)
  • 69dd1d1 fix: Ensure config keys are printed for config errors (#18067) (Nitin Kumar)
  • 9852a31 fix: deep merge behavior in flat config (#18065) (Nitin Kumar)
  • 4c7e9b0 fix: allow circular references in config (#18056) (Milos Djermanovic)

Documentation

  • 84922d0 docs: Show prerelease version in dropdown (#18139) (Nicholas C. Zakas)
  • 5b8c363 docs: Switch to Ethical Ads (#18117) (Milos Djermanovic)
  • 77dbfd9 docs: show NEXT in version selectors (#18052) (Milos Djermanovic)

Chores

  • 1813aec chore: upgrade @​eslint/js@​8.57.0 (#18143) (Milos Djermanovic)
  • 5c356bb chore: package.json update for @​eslint/js release (Jenkins)
  • f4a1fe2 test: add more tests for ignoring files and directories (#18068) (Nitin Kumar)
  • 42c0aef ci: Enable CI for v8.x branch (#18047) (Milos Djermanovic)

v8.56.0

Features

  • 0dd9704 feat: Support custom severity when reporting unused disable directives (#17212) (Bryan Mishkin)
  • 31a7e3f feat: fix no-restricted-properties false negatives with unknown objects (#17818) (Arka Pratim Chaudhuri)

Bug Fixes

  • 7d5e5f6 fix: TypeError: fs.exists is not a function on read-only file system (#17846) (Francesco Trotta)
  • 74739c8 fix: suggestion with invalid syntax in no-promise-executor-return rule (#17812) (Bryan Mishkin)

Documentation

  • 9007719 docs: update link in ways-to-extend.md (#17839) (Amel SELMANE)
  • 3a22236 docs: Update README (GitHub Actions Bot)
  • 54c3ca6 docs: fix migration-guide example (#17829) (Tanuj Kanti)
  • 4391b71 docs: check config comments in rule examples (#17815) (Francesco Trotta)
  • fd28363 docs: remove mention about ESLint stylistic rules in readme (#17810) (Zwyx)
  • 48ed5a6 docs: Update README (GitHub Actions Bot)

Chores

  • ba6af85 chore: upgrade @​eslint/js@​8.56.0 (#17864) (Milos Djermanovic)
  • 60a531a chore: package.json update for @​eslint/js release (Jenkins)
  • ba87a06 chore: update dependency markdownlint to ^0.32.0 (#17783) (renovate[bot])
  • 9271d10 chore: add GitHub issue template for docs issues (#17845) (Josh Goldberg ✨)
  • 70a686b chore: Convert rule tests to FlatRuleTester (#17819) (Nicholas C. Zakas)
  • f3a599d chore: upgrade eslint-plugin-unicorn to v49.0.0 (#17837) (唯然)
  • 905d4b7 chore: upgrade eslint-plugin-eslint-plugin v5.2.1 (#17838) (唯然)
  • 4d7c3ce chore: update eslint-plugin-n v16.4.0 (#17836) (唯然)
  • fd0c60c ci: unpin Node.js 21.2.0 (#17821) (Francesco Trotta)

... (truncated)

Changelog

Sourced from eslint's changelog.

v8.57.0 - February 23, 2024

  • 1813aec chore: upgrade @​eslint/js@​8.57.0 (#18143) (Milos Djermanovic)
  • 5c356bb chore: package.json update for @​eslint/js release (Jenkins)
  • 84922d0 docs: Show prerelease version in dropdown (#18139) (Nicholas C. Zakas)
  • 1120b9b feat: Add loadESLint() API method for v8 (#18098) (Nicholas C. Zakas)
  • 5b8c363 docs: Switch to Ethical Ads (#18117) (Milos Djermanovic)
  • 2196d97 fix: handle absolute file paths in FlatRuleTester (#18064) (Nitin Kumar)
  • f4a1fe2 test: add more tests for ignoring files and directories (#18068) (Nitin Kumar)
  • 69dd1d1 fix: Ensure config keys are printed for config errors (#18067) (Nitin Kumar)
  • 9852a31 fix: deep merge behavior in flat config (#18065) (Nitin Kumar)
  • dca7d0f feat: Enable eslint.config.mjs and eslint.config.cjs (#18066) (Nitin Kumar)
  • 4c7e9b0 fix: allow circular references in config (#18056) (Milos Djermanovic)
  • 77dbfd9 docs: show NEXT in version selectors (#18052) (Milos Djermanovic)
  • 42c0aef ci: Enable CI for v8.x branch (#18047) (Milos Djermanovic)

v9.0.0-beta.0 - February 9, 2024

  • e40d1d7 chore: upgrade @​eslint/js@​9.0.0-beta.0 (#18108) (Milos Djermanovic)
  • 9870f93 chore: package.json update for @​eslint/js release (Jenkins)
  • 2c62e79 chore: upgrade @​eslint/eslintrc@​3.0.1 (#18107) (Milos Djermanovic)
  • 81f0294 chore: upgrade [email protected] (#18106) (Milos Djermanovic)
  • 5e2b292 chore: upgrade [email protected] (#18105) (Milos Djermanovic)
  • 9163646 feat!: Rule Tester checks for missing placeholder data in the message (#18073) (fnx)
  • 53f0f47 feat: Add loadESLint() API method for v9 (#18097) (Nicholas C. Zakas)
  • f1c7e6f docs: Switch to Ethical Ads (#18090) (Strek)
  • 15c143f docs: JS Foundation -> OpenJS Foundation in PR template (#18092) (Nicholas C. Zakas)
  • c4d26fd fix: use-isnan doesn't report on SequenceExpressions (#18059) (StyleShit)
  • 6ea339e docs: add stricter rule test validations to v9 migration guide (#18085) (Milos Djermanovic)
  • ce838ad chore: replace dependency npm-run-all with npm-run-all2 ^5.0.0 (#18045) (renovate[bot])
  • 3c816f1 docs: use relative link from CLI to core concepts (#18083) (Milos Djermanovic)
  • 54df731 chore: update dependency markdownlint-cli to ^0.39.0 (#18084) (renovate[bot])
  • 9458735 docs: fix malformed eslint config comments in rule examples (#18078) (Francesco Trotta)
  • 07a1ada docs: link from --fix CLI doc to the relevant core concept (#18080) (Bryan Mishkin)
  • 8f06a60 chore: update dependency shelljs to ^0.8.5 (#18079) (Francesco Trotta)
  • b844324 docs: Update team responsibilities (#18048) (Nicholas C. Zakas)
  • aadfb60 docs: document languageOptions and other v9 changes for context (#18074) (fnx)
  • 3c4d51d feat!: default for enforceForClassMembers in no-useless-computed-key (#18054) (Francesco Trotta)
  • 47e60f8 feat!: Stricter rule test validations (#17654) (fnx)
  • 1a94589 feat!: no-unused-vars default caughtErrors to 'all' (#18043) (Josh Goldberg ✨)
  • 857e242 docs: tweak explanation for meta.docs rule properties (#18057) (Bryan Mishkin)
  • 10485e8 docs: recommend messageId over message for reporting rule violations (#18050) (Bryan Mishkin)
  • 98b5ab4 docs: Update README (GitHub Actions Bot)
  • 93ffe30 chore: update dependency file-entry-cache to v8 (#17903) (renovate[bot])
  • 505fbf4 docs: update no-restricted-imports rule (#18015) (Tanuj Kanti)
  • 2d11d46 feat: add suggestions to use-isnan in binary expressions (#17996) (StyleShit)
  • c25b4af docs: Update README (GitHub Actions Bot)

v9.0.0-alpha.2 - January 26, 2024

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by eslintbot, a new releaser for eslint since your current version.


Updates minimatch from 2.0.10 to 3.0.4

Changelog

Sourced from minimatch's changelog.

change log

9.0

  • No default export, only named exports.

8.0

  • Recursive descent parser for extglob, allowing correct support for arbitrarily nested extglob expressions
  • Bump required Node.js version

7.4

  • Add escape() method
  • Add unescape() method
  • Add Minimatch.hasMagic() method

7.3

  • Add support for posix character classes in a unicode-aware way.

7.2

  • Add windowsNoMagicRoot option

7.1

  • Add optimizationLevel configuration option, and revert the default back to the 6.2 style minimal optimizations, making the advanced transforms introduced in 7.0 opt-in. Also, process provided file paths in the same way in optimizationLevel:2 mode, so most things that matched with optimizationLevel 1 or 0 should match with level 2 as well. However, level 1 is the default, out of an abundance of caution.

7.0

  • Preprocess patterns to simplify complicated patterns and reduce out .. pattern portions where possible. Note that this means a pattern like a/b/../* will be equivalent to a/*, and will not match the string a/b/../c. If this causes problems, it can be addressed in a patch release by resolving .. portions in the test string.

6.2

  • Add nocaseMagicOnly flag

6.1

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by isaacs, a new releaser for minimatch since your current version.


Updates minimist from 1.2.0 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

Fixed

Commits

  • Merge tag 'v0.2.3' a026794
  • [eslint] fix indentation and whitespace 5368ca4
  • [eslint] fix indentation and whitespace e5f5067
  • [eslint] more cleanup 62fde7d
  • [eslint] more cleanup 36ac5d0
  • [meta] add auto-changelog 73923d2
  • [actions] add reusable workflows d80727d
  • [eslint] add eslint; rules to enable later are warnings 48bc06a
  • [eslint] fix indentation 34b0f1c
  • [readme] rename and add badges 5df0fe4
  • [Dev Deps] switch from covert to nyc a48b128
  • [Dev Deps] update covert, tape; remove unnecessary tap f0fb958
  • [meta] create FUNDING.yml; add funding in package.json 3639e0c
  • [meta] use npmignore to autogenerate an npmignore file be2e038
  • Only apps should have lockfiles 282b570
  • isConstructorOrProto adapted from PR ef9153f
  • [Dev Deps] update @ljharb/eslint-config, aud 098873c
  • [Dev Deps] update @ljharb/eslint-config, aud 3124ed3
  • [meta] add safe-publish-latest 4b927de
  • [Tests] add aud in posttest b32d9bd
  • [meta] update repo URLs f9fdfc0
  • [actions] Avoid 0.6 tests due to build failures ba92fe6
  • [Dev Deps] update tape 950eaa7
  • [Dev Deps] add missing npmignore dev dep 3226afa
  • Merge tag 'v0.2.2' 980d7ac

v1.2.7 - 2022-10-10

Commits

... (truncated)

Commits
  • 6901ee2 v1.2.8
  • a026794 Merge tag 'v0.2.3'
  • c0b2661 v0.2.3
  • 63b8fee [Fix] Fix long option followed by single dash (#17)
  • 72239e6 [Tests] Remove duplicate test (#12)
  • 34b0f1c [eslint] fix indentation
  • 3226afa [Dev Deps] add missing npmignore dev dep
  • 098873c [Dev Deps] update @ljharb/eslint-config, aud
  • 9ec4d27 [Fix] Fix long option followed by single dash
  • ba92fe6 [actions] Avoid 0.6 tests due to build failures
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.


Updates mkdirp from 0.5.1 to 0.5.6

Commits
Maintainer changes

This version was pushed to npm by isaacs, a new releaser for mkdirp since your current version.


Updates browserify-sign from 4.0.4 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

v4.2.2 - 2023-10-25

Fixed

Commits

  • Only apps should have lockfiles 09a8995
  • [eslint] switch to eslint 83fe463
  • [meta] add npmignore and auto-changelog 4418183
  • [meta] fix package.json indentation 9ac5a5e
  • [Tests] migrate from travis to github actions d845d85
  • [Fix] sign: throw on unsupported padding scheme 8767739
  • [Fix] properly check the upper bound for DSA signatures 85994cd
  • [Tests] handle openSSL not supporting a scheme f5f17c2
  • [Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb
  • [Dev Deps] update nyc, standard, tape cc5350b
  • [Tests] always run coverage; downgrade nyc 75ce1d5
  • [meta] add safe-publish-latest dcf49ce
  • [Tests] add npm run posttest 75dd8fd
  • [Dev Deps] update tape 3aec038
  • [Tests] skip unsupported schemes 703c83e
  • [Tests] node < 6 lacks array includes 3aa43cf
  • [Dev Deps] fix eslint range 98d4e0d

v4.2.1 - 2020-08-04

Merged

v4.2.0 - 2020-05-18

Merged

... (truncated)

Commits
  • bf2c3ec v4.2.3
  • 9247adf [patch] widen support to 0.12
  • f427270 [Deps] update `parse-asn1`
  • 87f3a35 [Dev Deps] update aud, npmignore, tape
  • fb261ce [Deps] update elliptic
  • 4d0ee49 [patch] drop minimum node support to v1
  • 9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
  • 168e16f [Deps] pin elliptic due to a breaking change
  • 37a4758 [actions] remove redundant finisher
  • 4af5a90 v4.2.2
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.


Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

  • Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

  • Switch to GitHub workflows 76abc93
  • Fix issue where decode throws - fixes #6 746ca5d
  • Update license (#1) 486d7e2
  • Tidelift tasks a650457
  • Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

New Contributors

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

  • Fix routing requests without method
  • deps: [email protected]
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body...

      Description has been truncated

Bumps the npm_and_yarn group with 17 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [protobufjs](https://github.com/protobufjs/protobuf.js) | `6.11.3` | `6.11.4` |
| [lodash](https://github.com/lodash/lodash) | `4.17.15` | `4.17.21` |
| [babel-eslint](https://github.com/babel/babel-eslint) | `4.1.8` | `10.1.0` |
| [eslint](https://github.com/eslint/eslint) | `1.10.3` | `8.57.0` |
| [minimist](https://github.com/minimistjs/minimist) | `1.2.0` | `1.2.8` |
| [mkdirp](https://github.com/isaacs/node-mkdirp) | `0.5.1` | `0.5.6` |
| [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.0.4` | `4.2.3` |
| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |
| [express](https://github.com/expressjs/express) | `4.18.2` | `4.19.2` |
| [loader-utils](https://github.com/webpack/loader-utils) | `1.2.3` | `1.4.2` |
| [webpack-cli](https://github.com/webpack/webpack-cli) | `3.3.8` | `3.3.12` |
| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.15.6` |
| [fsevents](https://github.com/fsevents/fsevents) | `1.2.9` | `1.2.13` |
| [ip](https://github.com/indutny/node-ip) | `1.1.8` | `1.1.9` |
| [node-forge](https://github.com/digitalbazaar/forge) | `0.10.0` | `1.3.1` |
| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `3.11.3` | `5.0.4` |
| [terser](https://github.com/terser/terser) | `4.3.1` | `4.8.1` |


Updates `protobufjs` from 6.11.3 to 6.11.4
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/protobufjs/protobuf.js/commits)

Updates `lodash` from 4.17.15 to 4.17.21
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.15...4.17.21)

Updates `babel-eslint` from 4.1.8 to 10.1.0
- [Release notes](https://github.com/babel/babel-eslint/releases)
- [Commits](babel/babel-eslint@v4.1.8...v10.1.0)

Updates `eslint` from 1.10.3 to 8.57.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](eslint/eslint@v1.10.3...v8.57.0)

Updates `minimatch` from 2.0.10 to 3.0.4
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v2.0.10...v3.0.4)

Updates `minimist` from 1.2.0 to 1.2.8
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](minimistjs/minimist@v1.2.0...v1.2.8)

Updates `mkdirp` from 0.5.1 to 0.5.6
- [Changelog](https://github.com/isaacs/node-mkdirp/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-mkdirp@0.5.1...v0.5.6)

Updates `browserify-sign` from 4.0.4 to 4.2.3
- [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md)
- [Commits](browserify/browserify-sign@v4.0.4...v4.2.3)

Updates `decode-uri-component` from 0.2.0 to 0.2.2
- [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases)
- [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2)

Updates `express` from 4.18.2 to 4.19.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.18.2...4.19.2)

Updates `loader-utils` from 1.2.3 to 1.4.2
- [Release notes](https://github.com/webpack/loader-utils/releases)
- [Changelog](https://github.com/webpack/loader-utils/blob/v1.4.2/CHANGELOG.md)
- [Commits](webpack/loader-utils@v1.2.3...v1.4.2)

Updates `webpack-cli` from 3.3.8 to 3.3.12
- [Release notes](https://github.com/webpack/webpack-cli/releases)
- [Changelog](https://github.com/webpack/webpack-cli/blob/master/CHANGELOG.md)
- [Commits](webpack/webpack-cli@v3.3.8...v3.3.12)

Updates `follow-redirects` from 1.15.2 to 1.15.6
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.6)

Updates `fsevents` from 1.2.9 to 1.2.13
- [Release notes](https://github.com/fsevents/fsevents/releases)
- [Commits](fsevents/fsevents@v1.2.9...v1.2.13)

Updates `ip` from 1.1.8 to 1.1.9
- [Commits](indutny/node-ip@v1.1.8...v1.1.9)

Updates `node-forge` from 0.10.0 to 1.3.1
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@0.10.0...v1.3.1)

Updates `webpack-dev-server` from 3.11.3 to 5.0.4
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md)
- [Commits](webpack/webpack-dev-server@v3.11.3...v5.0.4)

Updates `terser` from 4.3.1 to 4.8.1
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](terser/terser@v4.3.1...v4.8.1)

Updates `webpack-dev-middleware` from 3.7.3 to 7.2.0
- [Release notes](https://github.com/webpack/webpack-dev-middleware/releases)
- [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/master/CHANGELOG.md)
- [Commits](webpack/webpack-dev-middleware@v3.7.3...v7.2.0)

---
updated-dependencies:
- dependency-name: protobufjs
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: lodash
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: babel-eslint
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: eslint
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: minimatch
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: minimist
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: mkdirp
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: browserify-sign
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: decode-uri-component
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: express
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: loader-utils
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: webpack-cli
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: follow-redirects
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: fsevents
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: ip
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: node-forge
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: webpack-dev-server
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
- dependency-name: terser
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: webpack-dev-middleware
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 29, 2024

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package Note Source
Install scripts npm/[email protected]
  • Install script: install
  • Source: node install.js

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all
